Date:      Mon, 14 Dec 2009 11:19:30 -0500
From:      "Kevin" <k@kevinkevin.com>
To:        <freebsd-pf@freebsd.org>
Subject:   PF Transparent Bridge Firewall + CARP
Message-ID:  <002601ca7cd9$380cc970$a8265c50$@com>

Hello,


I have what I would consider not a standard firewall scenario that requires
a second, redundant PF firewall. My first / main firewall is pf +
transparent bridging with no internal network / IP addresses.

I would like to implement a second failover firewall w/ CARP and have a
pretty good idea of how I can accomplish this -- however, I would like to
hear opinions / suggestions on implementing the most logical solution with
CARP.



I would like to implement CARP on the gateway IP address which will sit on
the bridge0 interface, which bridges br01 + br02.


Bridge0 will have no IP address assigned, and the gateway IP address will
be assigned to carp0. Will I have to NAT traffic from carp0 > bridge0? Will
bridge0 be my ext_if in pf.conf, and int_if will be carp0? The main issue
is maintaining redundancy, for me.

It seems like an easy question, however I'm just trying to wrap my brain
around the one that doesn't cost as much overhead and is the simplest / most
logical.


Pertinent info:

FreeBSD fw 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #4: Tue Dec 16 13:00:03 EST 2008     admin@fw:/usr/obj/usr/src/sys/FW  i386

If you need additional information, please let me know.


Suggestions are welcome.

Thanks,

Kevin
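For readers weighing the same question, here is a sketch of the setup described above (an address-less bridge0 filtering transparently, with the only Layer 3 address carried by carp0). This is an added example, not the poster's configuration: the member interface names em0/em1, the documentation-range addresses 192.0.2.0/24 and the vhid/pass values are constructed placeholders, and the bridge filtering sysctls are the ones documented in if_bridge(4).

```conf
# --- /etc/rc.conf (constructed example; em0/em1 stand in for the two bridge members) ---
cloned_interfaces="bridge0 carp0"
ifconfig_em0="up"
ifconfig_em1="up"
# bridge0 carries no address: it only forwards frames between the two members
ifconfig_bridge0="addm em0 addm em1 up"
# carp0 holds the shared gateway address; the other box uses a higher advskew
ifconfig_carp0="vhid 1 pass EXAMPLE_PASSPHRASE advskew 0 192.0.2.1/24"
pf_enable="YES"

# --- /etc/sysctl.conf ---
# filter on the member interfaces (so em0/em1 are the names pf sees),
# not on the bridge itself; both knobs are documented in if_bridge(4)
net.link.bridge.pfil_member=1
net.link.bridge.pfil_bridge=0
# allow this host to take over the shared address when it becomes master
net.inet.carp.preempt=1

# --- /etc/pf.conf (rules keyed on the bridge members, not on bridge0 or carp0) ---
ext_if = "em0"
int_if = "em1"
set skip on lo0
block log all
# CARP advertisements (IP protocol 112) must pass or the peers never see each other;
# they travel on the physical member, which is why ext_if rather than carp0 is used here
pass quick on $ext_if proto carp keep state
# everything else is ordinary bridged traffic; states are kept per member interface
pass in  on $int_if from 192.0.2.0/24 to any keep state
pass out on $ext_if from 192.0.2.0/24 to any keep state
```

Two caveats worth checking before relying on this. First, pf on a bridge sees traffic on the members when pfil_member is set, so neither bridge0 nor carp0 is a useful ext_if/int_if in pf.conf; NAT between carp0 and bridge0 is not needed for pure bridging, since carp0 only answers for the gateway address. Second (an assumption to verify against carp(4) on the 7.x release in use): the legacy carp0 pseudo-interface selects its parent by matching the subnet of an address already configured on a physical interface, so with no address on bridge0 or its members the carp address may fail to bind at all; if so, the usual workaround is to give the bridge (or one member) a small non-routed address in the same subnet purely so carp0 can attach.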